Password Protection with Apache on Linux
Password Protection in Website running on Apache Hosted on Linux Remote Server or VPS
Enhance the security of your website by leveraging basic authentication with Apache on your Linux server. This guide walks you through creating login credentials, configuring password protection for a specific directory, and restarting Apache to apply the changes.
Prerequisites:
- An Apache web server running on a Linux server/VPS with root or sudo privileges.
- Basic understanding of command line editing.
- Access to your server via SSH.
Security Considerations:
- Password Strength: Choose strong and unique passwords for enhanced security. Consider using a password manager to generate and store complex passwords.
- Alternative Methods: Basic authentication transmits credentials in Base64 encoding, which is not ideal for highly sensitive areas. Explore alternative methods like HTTPS with client-side certificates for more robust security when handling sensitive data.
- Regular Updates: Keep your Apache web server and operating system updated with the latest security patches to address vulnerabilities.
- Create Login Credentials
htpasswd -c /etc/apache2/.htpasswd user_name
- Verify that Credential has been Created
cat /etc/apache2/.htpasswd
- Go to /etc/apache2/sites-available
cd /etc/apache2/sites-available
- Open the Required Virtual Host File
nano 000-default.conf
- Add below Content
<Directory /var/www/html/admin>
AuthType Basic
AuthName "admin area"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
- Restart Apache
service apache2 restart